About Release

This mentions the name of this release, when it was released, who made it, a link to 'series' and a link to the homepage of the release.
It's common for an author to release multiple 'scenarios', making up a 'series' of machines to attack.

Download

Here you can download the mentioned files using various methods.

We have listed the original source, from the author's page. However, after time these links 'break', for example: either the files are moved, they have reached their maximum bandwidth limit, or, their hosting/domain has expired.

For these reasons, we have been in touch with each author asking for permission to mirror the files. If the author has agreed, we have created mirrors. These are untouched copies of the listed files. (You can check for yourself via the MD5 & SHA1 checksums which are individually displayed on their entry page. See how here).

We also offer the download via BitTorrent. We prefer that people use BitTorrent, however, we do understand that it is not as straight forward as clicking on a direct link.

To make sure everyone using VulnHub has the best experience possible using the site, we have had to

limit the amount of simultaneous direct download files to two files, with a max speed of 3mb

.
This is because the average file size is currently about 700mb, which causes our bandwidth to be high (couple of terabytes each month!). As this is a privately funded project, we believe we have chosen the best hosting provider for the limited budget.

If would you like to be able to download a mass, and at quicker speed, please use torrents as these will be seeded 24/7. For a guide on how to setup and use torrents, see here.

If you're the owner of a listed file or believe that we are unlawfully distributing files without permission, please get in touch here.

----------------
bee-box - README
----------------
bee-box is a custom Linux VM pre-installed with bWAPP.
With bee-box you have the opportunity to explore all bWAPP vulnerabilities!
bee-box gives you several ways to hack and deface the bWAPP website.
It's even possible to hack the bee-box to get root access...
This project is part of the ITSEC GAMES project. ITSEC GAMES are a fun approach to IT security education.
IT security, ethical hacking, training and fun... all mixed together.
You can find more about the ITSEC GAMES and bWAPP projects on our blog.
We offer a 2-day comprehensive web security course 'Attacking & Defending Web Apps with bWAPP'.
This course can be scheduled on demand, at your location!
More info: http://goo.gl/ASuPa1 (pdf)
Enjoy!
Cheers
Malik Mesellem
Twitter: @MME_IT

-----------------
bee-box - INSTALL
-----------------
bee-box is a custom Linux VM pre-installed with bWAPP.
With bee-box you have the opportunity to explore all bWAPP vulnerabilities!
bee-box gives you several ways to hack and deface the bWAPP website.
It's even possible to hack the bee-box to get root access...
Requirements
////////////
*/ Windows, Linux or Mac OS
*/ VMware Player, Workstation, Fusion or Oracle VirtualBox
Installation steps
//////////////////
No! I will not explain how to install VMware or VirtualBox...
*/ Extract the compressed file.
*/ Double click on the VM configuration file (bee-box.vmx), or import the VM into the VMware software.
*/ Start the VM. It will login automatically.
*/ Check the IP address of the VM.
*/ Go to the bWAPP login page. If you browse the bWAPP root directory you will be redirected.
example: http://[IP]/bWAPP/
example: http://[IP]/bWAPP/login.php
*/ Login with the default bWAPP credentials, or make a new user.
default credentials: bee/bug
*/ You are ready to explore and exploit the bee!
Notes
/////
*/ Linux credentials:
bee/bug
root/bug
*/ MySQL credentials:
root/bug
*/ Modify the Postfix settings (relayhost,...) to your environment.
config file: /etc/postfix/main.cf
*/ bee-box gives you several ways to deface the bWAPP website.
It's even possible to hack the bee-box to get root access...
Have fun!
*/ Take a snapshot of the VM before hacking the bee-box.
There is also a backup of the bWAPP website (/var/www/bWAPP_BAK).
*/ To reinstall the bWAPP database, delete the database with phpmyadmin (http://[IP]/phpmyadmin/).
Afterwards, browse to the following page: https://[IP]/bWAPP/install.php
*/ Don't upgrade the Linux operating system, you will lose all fun :)
This project is part of the ITSEC GAMES project. ITSEC GAMES are a fun approach to IT security education.
IT security, ethical hacking, training and fun... all mixed together.
You can find more about the ITSEC GAMES and bWAPP projects on our blog.
We offer a 2-day comprehensive web security course 'Attacking & Defending Web Apps with bWAPP'.
This course can be scheduled on demand, at your location!
More info: http://goo.gl/ASuPa1 (pdf)
Enjoy!
Cheers
Malik Mesellem
Twitter: @MME_IT

Training page: http://www.mmeit.be/en/bwapp_training.htm
Blog page: http://itsecgames.blogspot.co.uk/2013/07/bee-box-hack-and-deface-bwapp.html
The original release of 'bee-box (v1.3)' came out on the 2014-April-19, however, there was an issue extracting it: https://twitter.com/MME_IT/status/457980827281158144.
Replacement release came out on the 2014-April-21 (same filename).

Description

This section is for various information that has been collected about the release, such as quotes from the webpage and/or the readme file.
These sources of information are usually helpful towards the completion of the release as the author can drop hints* as well as methods to help get the release up and working.

* This is a 'little' hint. Useful to help you get started and it shouldn't give anything away that you quickly could find out for yourself.

Checksum

To make sure that the files haven't been altered in any manner, you can check the checksum of the file.
This makes sure that the you have acquired the same file which was transferred to you, without being modified/changed/damaged.

Some authors publish the checksums in the README files, on their homepages or sometimes inside compressed archive (if it has been compressed).
VulnHub also lists the MD5 & SHA1 checksums for every file which it offers to download, allowing you to check. You can find all the checksums here, otherwise, they will be individually displayed on their entry page. To check the checksum, you can do it here.

Walkthroughs

The links below are community submitted 'solutions' showing hints/nudges or possibly a complete walkthrough* of how they solved the puzzle.

Please note, there could be (many) more methods of completing this, they just haven't, either been discovered, or submitted. If you know something that isn't listed, please submit it or get in touch and we would be glad to add it.

* This is a spoiler. It could possibly show you a way of completely solving it.